Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1 vulnerabilities and exploits
(subscribe to this query)
437
VMScore
CVE-2017-14725
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Wordpress Wordpress
668
VMScore
CVE-2017-14723
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Wordpress Wordpress
1 Github repository
580
VMScore
CVE-2017-17091
wp-admin/user-new.php in WordPress prior to 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote malicious users to bypass intended access restrictions by entering this string.
Wordpress Wordpress
2 Github repositories
517
VMScore
CVE-2016-2221
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress prior to 4.4.2 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsi...
Wordpress Wordpress
2 Github repositories
670
VMScore
CVE-2017-16510
WordPress prior to 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-1...
Wordpress Wordpress
314
VMScore
CVE-2016-7168
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress prior to 4.6.1 might allow remote malicious users to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a c...
Wordpress Wordpress
11 Github repositories
386
VMScore
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
Wordpress Wordpress
9 Github repositories
312
VMScore
CVE-2015-7989
Cross-site scripting (XSS) vulnerability in the user list table in WordPress prior to 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
Wordpress Wordpress
2 Github repositories
668
VMScore
CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Wordpress Wordpress
1 Article
358
VMScore
CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress prior to 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
Wordpress Wordpress
7 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »